Computer-Generated Translation of
Specification of JP 2001-117873 A

CLAIMS 

[Claim(s)]

[Claim 1] It is a terminal for attesting a terminal user using the 1st information inputted by
terminal user. An output means which outputs the 3rd information that said terminal user
grasps beforehand according to the 2nd information inputted by said terminal user
before a terminal user inputs said 1st information, A terminal wherein it has an input means
which enables an input of said 1st information from said terminal user after said output
means outputs the 3rd information, and said output means outputs said terminal user's
authentication result based on the 1st information inputted from said input means.

[Claim 2] In the terminal according to claim 1, said 1st information is a password or a
password.

A terminal wherein said 2nd information is user-identification ID which is the information
which specifies said terminal user and said 3rd information is user characteristic data as
which said terminal user may grasp beforehand correspondence relation between said 2nd
information and said 3rd information.

[Claim 3] In the terminal according to claim 2, said 3rd information consists of two or more
user characteristic data to each terminal user, and said input means inputs directions
information which directs one user characteristic data from said two or more user
characteristic data from said terminal user, A terminal wherein said output means outputs
user characteristic data chosen based on directions information from said input means.

[Claim 4] A terminal characterized by said output means being what displays said user
characteristic data in the terminal according to claim 2.

[Claim 5] Information processing equipment connected to a terminal which attests a terminal
user via a network using the 1st information inputted by terminal user, comprising: 
A memory measure which constructs two or more 3rd information corresponding to said 1st 
information, and memorizes it. 

A means to retrieve the 3rd information that said terminal user grasps beforehand according
to the 2nd information received from said terminal before said terminal user inputted said
1st information.

A means to transmit said 3rd retrieved information to said terminal. 

A means which attests said terminal user using said 1st information received from said
terminal after outputting said 3rd information to said terminal.

[Claim 6] In the terminal according to claim 5, said 1st information. Are a password or a
password and said 2nd information. It is user-identification ID which is the information
which specifies said terminal user, and said 3rd information is user characteristic data as
which said terminal user may grasp beforehand correspondence relation between said 2nd
information and said 3rd information. Information processing equipment, wherein said
memory measure has memorized two or more user characteristic data to each terminal user
and said search means searches one of said two or more user characteristic data according to
directions information received from said terminal.

[Claim 7] Have the following, and said terminal inputs the 2nd information in advance of an
input of said 1st information from said terminal user, transmit to said information
processing equipment and said information processing equipment. It has a memory measure
which constructs two or more 3rd information corresponding to said 2nd information, and
memorizes it. According to said 2nd information received from said terminal, the 3rd
information that said terminal user grasps beforehand is retrieved, A terminal which
transmitted said searched result to said terminal and received said 3rd retrieved
information, A user authentication system, wherein said information processing equipment
which received the 1st information from said terminal user, transmitted to said information
processing equipment, and received the 1st information from said terminal attests said
terminal user based on said 1st information.

A terminal into which are a user authentication system which attests a terminal user, and 
said terminal user is made to input said 1st information using the 1st information inputted by 
terminal user. 

Information processing equipment connected to said terminal via a network.

[Claim 8] In the user authentication system according to claim 7, said 1st information. Are a
password or a password and said 2nd information, A user authentication system, wherein it
is user-identification ID which is the information which specifies said terminal user and said
3rd information is user characteristic data as which said terminal user may grasp beforehand
correspondence relation between said 2nd information and said 3rd information.






[Claim 9] A user authentication method telling ^a d usei abt f t I - tinai ng gem me
before a user enters a password or a password into a terminal.

[Claim 10] A password or a password entered by user - it being the user authentication
method which attests a user, and, In advance of an input of said password or a password,
user-identification ID from said user is inputted from said user. Constructed two or more
user characteristic data corresponding to said password or a password, and they are
memorized. According to said user-identification ID, user characteristic data which said
user grasps beforehand are searched, A user authentication method receiving a password or
a password from said user, and attesting said user based on said received password or a
password after outputting as a display said user can recognize said searched user
characteristic data to be, or a sound.

[Claim 11] In Claim 9 or a user authentication method of any of 10, or a description, two or
more said user characteristic data are memorized to each user.

A user authentication method characterized by choosing one of said two or more user 
characteristic data based on directions information inputted by said each user. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention]
[0001]

[Field of the Invention] hen t I te the user at the time of
performing data communications and accessing a server from the computer used as a
terminal about data communications, it is concerned with the method, the terminal, server,
and system which check the justification of the computer which a user uses, or a server.
[0002] 

[Description of the Prior Art] Conventionally, in the system which consists of a terminal and
a server, it was performed that a server attests whether it is regular for a terminal or its user
or that a terminal attests whether the server of a connection destination is a right server.
[0003] For example, in the exchange between a terminal and a server, the device which
confirms mutually whether a terminal and a server are right things made the user input one
of the pass wot iN e tand, checked mutual justification and suited as indicated
to JP,H11-85702,A.

[0004] There was a device with which a third party does not try to be robbed of a password
or a password at the time of an input conventionally.
|i i < v v ( h le un rre c d inform (ton and
the combination of a password. The method of carrying out user authentication was
common, and changed the display or key operation was kept from being known, and when
inputting a password as indicated to JP,H11-191094,A, it was devised so that others might
not try to be robbed.
[0006]

[Problem to be solved by the invention] Mum IK in; check method whether the above a
terminal, and a server are right things. Since the user who inputs a password was not able to
check correctly whether it is connected to a right server, or a terminal is regular, it is that the
machine itself is imitation and had not become management to the danger that a password
will be stolen.

[0007] In a device with which a third party does not try to be robbed of a password or a
password at the time of an input, since, as for the cash automatic transaction machine,
saying [that it is a right machine] was the requisite, the user trusted the machine, and he
had inputted the password as he followed the directions. Therefore, there was no
management to the danger that a password will be stolen because the machine itself is
imitation.

[0008] Although a variety of terminals are used at a taxi and various places, such as an
extraordinary store, and the cases where settling processing is performed will increase in
number especially from now on, A user whether the terminal, or the server and system
which are connected are a right thing. Or it cannot be detected by the method of inserting
the present card and inputting a password as it is whether it is the fake terminal or fake
system made in order to steal card information and a password.

[0009] In the electronic banking by electronic Commerce Technology Division or a debit
card, since the server linked to a terminal or a terminal is imitation, the purpose of this
invention is to provide the i e ei .< « stem which
prevent beforehand that a password will be stolen by others.
[0010]

[Means for solving problem] To achieve the above objects, in this invention by the input of
insertion of a card, user ID, an account number, etc. A means for the means which gives that
information to a server, and a server to transmit to a terminal the information peculiar to a
user which only a user understands from this input, and to display. A user is recognizing it
being heard and their being the contents of the right, or it sees reading the transmitted
information peculiar to a user, after he checks that a terminal and a server are just, inputs a
password and forms a means to transmit to a server.

[0011] That is, before inputting a password not to leak to others, it solves by preparing the
mechanism in which a system provides the information a user judges it to be whether this
terminal and a system are regular. When a user displays the information peculiar to a user
registered into the regular server on a terminal and shows it beforehand to a user as
information for the judgment a user enables it to judge a reg d imitation

[0012]

[Mode for carrying out the invention] Hereafter, an embodiment of the invention is described
using Drawings.

[0013] Drawing 1 is a system configuration figure showing one embodiment of this
invention.

[0014] In this figure, 101 shows a user, 102 a terminal, 103 a network, 104 a server,
105 the database which stores User Information, and 106 a settlement center.

[0015] When the user 101 uses the terminal 102 and performs settling processing from a
remote place, the network 103 is used, the server 104 in the settlement center 106 is
accessed, and after performing authenticating processing using the database 105 with which
the user's information is accumulated, settlement of accounts is processed. It is using a card
and entering a password or a password (it is only hereafter described as a password) in this
example, mainly when a user performs settling processing. The server of a settlement
center is reached, and by comparing with the registration data in a server, the information
proves that he is the person himself/herself and performs settling processing.
[0016] Drawing 2 shows the terminal and the server block diagram.
[0017] As shown in this figure, the terminal 101 has the display 201, CPU 202, the memory
203, the card reader 204, the key input section 205, and the communication port 206. The
settlement center 106 is provided with the following.
Server 104.
Database 105.

The server 104 has the input device 208, the display 209, CPU 210, the memory 211, and
the communication port 212. The database 105 comprises the storage device 214. The server
104 and the database 105 are connected by bus 213. The terminal 101 and the server 104 are
connected in the network 103.

[0018] CPU 202 executes the program currently stored in the memory 203, and the terminal
101 performs control of the card reader 204, display by the display 201, input from the
keystroke 205, and communication with the server which leads the communication port 206.
[0019] CPU 210 executes the program currently stored in the memory 211, and the server
104 performs communication with the terminal which leads the communication port 206,
access to the database 105, the display by the display 209, and the input from the input
device 208.

[0020] The database 105 is a basis of the program execution in the server 104, and performs
search of data and collation.

[0021] Drawing 3 is a figure showing a screen display in the terminal which applied this
invention.

[0022] Screen display u i i iih a flow of processing is shown from the
terminal screen 301a. In the terminal screen 301a, the display 302 of "let me read a card"
appears in the beginning. Thereby, a user makes card information read by a card reader of a
terminal as shown in 303. Next, card information is transmitted to a server and user
characteristic data searched from a database from this card information are sent to a terminal
from a server. If the user characteristic data 304 are displayed, a user judges this to be a
right value and OK button 303 is pushed as shown in the terminal screen 301b, a screen will
change to the terminal screen 301c. The display 306 "put in a password" comes out in the
terminal screen 301c.

[0023] Thereby, a user inputs the password 307, as shown in the terminal screen 301d.
[0024] Then, as shown in 308, an inputted password is sent to a server and settling
processing is performed. In the terminal screen 301a, after insertion of a card is directed, in
the terminal screen 301b, it is shown in user characteristic data being displayed. A user
looks at these displayed user characteristic data, and it judges whether it is what he
registered into a settlement center a priori, and only when it is a right value, a password is
called input at the terminal 301d.

[0025] Although the screen which directs the input of a password came out as it is here,
without displaying user characteristic data or user characteristic data were displayed, Since a
user can judge that the terminal currently used or the connected server is inaccurate and it is
not necessary to input a password when the displayed value is wrong, it can prevent that a
password is stolen.

[0026] Drawing 4 is a user, a terminal, a server, and a figure showing the flow of processing
between databases.

[0027] If the user 401 makes a card read into the terminal 402 as shown in 405, a terminal
will tell card ID within the read card information to the server 403, as shown in 406. Here,
card ID should just be a name, a sign, a number, etc. which are the information which can
specify a user. Card ID functions in this meaning as user-identification ID including
concepts shown in drawing 5, such as an account number and user ID.
[0028] The server 403 tells card ID to the database 404, as shown in 407. From User
Information accumulated, user characteristic data are searched with the database 404 to a
key, and in it, card ID is told to the server 403, as shown in 408. Here, user characteristic
data are information including \ name imnmt 1 \ s t a sound etc hit n t i
Sj e ied bj me\ tons user-identification ID and is beforehand recognized by the user.
[0029] The server 403 gives user characteristic data to the terminal 402, as shown in 409. As
shown in 410, the terminal 402 displays user characteristic data and tells the user 401 about
them. The user 401 judges seeing the displayed user characteristic data whether be a right
thing, and as shown in a right case 411, he inputs a password into the terminal 402. The
terminal 402 tells a password to the server 403, as shown in 412. The server 403 tells a
password to the database 404, as shown in 413. In the database 404, the told password
compares whether it is in agreement with the password beforehand registered into User
Information in a database. When in agreement, as shown in 414, it is reported to the server
403 that a result is the notice of the completion of collation. In the server 403, as shown in
415, when it notifies the completion of collation to the terminal 402 and is in agreement, the
settling processing 416 is started in the terminal 402 and the server 403.
[0030] Drawing 5 is the User Information management table accumulated in the database in a
settlement center. It becomes user-identification ID 501 and the user characteristic data
502 from the password 503.

[0031] User-identification ID 501, card ID, an account number, user ID, etc. are used, for
example. This User Information management table 500 can search now the user
characteristic data 502 and the password 503 for user-identification ID 501 to a key.
[0032] Drawing 6 is a figure showing the process flow seen from the "user" in this invention.

[0033] I s make < I ead nto from a terminal in the processing 602 in the
processing 601 when there is a demand of an input of a card. Next, in the processing 603,
the user characteristic data which a terminal displays are seen whether be a right thing, and
t judge md ii hi t OK button will be pushed in the processing 604. Next like the
processing 605, if a terminal asks for the input of a password, in the processing 606, it will
input a password and will receive account settlement services in the processing 607 after
that.

[0034] When the information which user characteristic data were not displayed or was
displayed in the processing 603 on the other hand is not a right thing, Processing is finished
in the processing 608, without stopping operation, the used terminal being a fake terminal,
or judging that it is connected to a fake system like the processing 600, and inputting a
password.

[0035] Drawing 7 is a figure showing the process flow performed with the "terminal" in this
invention. The function shown here is realized as a program.

[0036] In the processing 701, if insertion waiting of the card is carried out and there is card
insertion, in the processing 702, the card information containing user-identification ID will
be read. The read card information is transmitted to the server of a settlement center in the
processing 703. Next in the processing 704 if then at tith dt a >ti " tbout
reception of user characteristic data from a server, in the processing 705, user characteristic
data will be displayed on the screen of a terminal. Next, if a user pushes the button of O.K.
as shown in the processing 706, in the processing 707, the input request of a password will
be displayed on a terminal screen to a user. In the processing 708, when there is an input of
the password by a user, in the processing 709, the password inputted into the server of the
settlement center is transmitted. Next, in the processing 710, the result of the attestation of
the completion of attestation by a server by the processing 711 waiting and when it
completes is investigated, and if it is O.K., and account settlement services are made to start
and service is completed in the processing 713 in the processing 712, it will return to the
first state.

[0037] On the other hand, in the processing 711, when an authentication result is NG, like
the processing 714, the measure of a dealings stop is taken and it returns to the first state.
[0038] Drawing 8 is a figure showing the process flow performed by the "server" in this
invention. The function shown here is realized as a program.

[0039] In the processing 801, receiving waiting of the card information containing user-
identification ID from a terminal is performed, when it receives, in the processing 802, the
received card information is sent to a database and search of user characteristic data is
directed. Next in the processing 803, search waiting of the user characteristic data from a
database is performed, and transmission to the terminal of the searched user characteristic
data is performed in the processing 804 at the time of the completion of search. Next, in the
processing 805, if there are waiting and reception about the password from a terminal, in the
processing 806, the password which received is sent to a database and the collation
processing of whether to be in agreement with the password beforehand registered into the
database is directed. In the processing 807, when it turns out that the collation processing in
the database was completed, in the processing 808, a matching result is investigated, and if
it is O.K., and account settlement services are made to start and service is completed in the
processing 811 in the processing 810, it will return to the first state.

[0040] On the other hand, in the processing 808 when a matching result is NG, a measure of
issuing directions of a dealings stop is taken like the processing 812, and it returns to the
first state.

[0041] Drawing 9 is a figure showing a process flow of a "database" in this invention. A
function shown here is realized as a program.

[0042] In the processing 903, when there are waiting and a request, retrieval requesting from
a server, in the processing 902, it investigates whether it is the retrieval requesting of user
characteristic data to which the contents of the request used as a key card information
containing user-identification ID, and when that is right, in the processing 903, card
information is retrieved for user characteristic data to a key to the User Information
management table. And in the processing 904, user characteristic data of search results are
transmitted to a server, and it returns first.
[0043] On the other hand, when a request content is not search of user characteristic data in
the processing 902, it is investigated whether it is having been the collation request of a
password which used as a key card information in which a request content includes user
identification information in the processing 905. When that is right, card information is
retrieved for a password in the processing 906 to a key to the User Information
management table. And in the processing 907, it investigates whether a password from a
server and a searched password are in agreement, and in being in agreement, in the
processing 908 collation completion processing is performed, and it notifies a server that a
matching result is "coincidence", and returns first.

[0044] On the other hand, in the processing 907, when the password from a server and the
searched password are not in agreement, in the processing 909, collation completion
processing is performed, and it notifies a server that a matching result is "disagreement",
and returns first.

[0045] In the processing 905, when a request content corresponds to neither, it returns first.
[0046] It is a figure showing the flow of processing until it judges that drawing 10 is
inaccurate when the terminal currently used is a fake terminal and comes to stop dealings.
[0047] The user 1001 makes a card read into the terminal (fake terminal) 1002 like 1003.
Like 1004, since the user characteristic data which cannot be connected to a regular server,
either but should be returned since a terminal is imitation are not known, either, when the
display of those other than user characteristic data is performed, in the processing 1005, a
user judges that it is inaccurate and stops dealings.

[0048] The user 1006 makes a card similarly read into the terminal (fake terminal) 1007
like 1008. Like 1009, since the user characteristic data which cannot be connected to a
regular server, either but should be returned since a terminal is imitation are not known,
either, when the user characteristic data which are not right are displayed, in the processing
1010, a user judges that it is inaccurate and stops dealings.
[0049] It is a figure showing a flow of processing until it judges that drawing 11 is
inaccurate when a connected server is a fake server and comes to stop dealings. The fake
server cannot access a database regular as a matter of course. Therefore, the fake server
cannot grasp a relation of user-identification ID and user characteristic data as shown in
drawing 5, and cannot search regular user characteristic data from card ID received from the
terminal 1102.

[0050] The user 1101 makes a card read into the terminal 1102 like 1105. Although the
terminal 1102 tells user-identification ID, such as card ID, like 1106 to the connected server
(fake server) 1103, and the fake server 1103 tends to receive this and tends to search user
characteristic data with the database 1104, Since a right value is not registered, user
characteristic data which are not right get across to the fake server 1103 like 1108. Further,
the fake server 1103 gives these user characteristic data that are not right to the terminal
1102 like the processing 1109, and like the processing 1110, the terminal 1102 displays
those user characteristic data that are not right in a display of a terminal, and it urges
processing to it at a user. Like the processing 1111, the user 1101 judges that it is inaccurate
and takes a measure of a dealings stop.

[0051] An embodiment shown below is an embodiment in a case of telling a user about user
characteristic data with a sound.

[0052] With a sound, drawing 12 is a terminal or a terminal in a case of identifying whether
a connected server is a genuine article or imitation, and a block diagram of a server, and
comprises the terminal 101, the settlement center 106, the server 104, and the database 105.
[0053] The terminal 101 is equipped with the voice output part 1201, and the headphone
1202 can be connected now to this. In CPU 202 of a terminal, user characteristic data
received from the server 104 are changed into a sound, and are reproduced by the voice
response 1201, and it is judged whether users are right user characteristic data. The
headphone 1202 are for read-out information not being heard by the 3rd person.
[0054] When there is only no screen display in a terminal and a sound also enables it to view
and listen to it, it becomes a system which is easy to use also for a visually impaired person.
[0055] An embodiment shown below is an embodiment at the time of enabling it to register 
two or more user characteristic data, being able to change a verifying means if needed, and 
improving safety. 

[0056] Drawing 13 is a figure showing the User Information management table accumulated
in a database in case user characteristic data are plurality, and serves as user-identification
ID 1301, the user instruction information 1302, and the user characteristic data 1303 from
the password 1304.

[0057] User-identification ID 1301, card ID, an account number, user ID, etc. are used, for
example. Which user characteristic data are read by the ability to register two or more user
characteristic data to one user-identification ID is that a user specifies the user instruction
information 1302, and the user characteristic data 1303 corresponding to it are read. That is,
about the user characteristic data 1303, user-identification ID 1301 and the user
characteristic data 1303 which the user instruction information 1302 serves as a key, and
search is performed, and correspond are read.

[0058] Since two or more user characteristic data are prepared and it can specify for the user
presentation information 1302, Since a user has in a terminal a means to check whether it is
a s i a even if user chai - i should be
known by others, since the value used for a check can be changed now if needed, his safety
improves. When it is judged that the user characteristic data currently used usually were
stolen, it becomes possible to prevent being stolen to a password by enabling it to choose
another user characteristic data by user instruction information.

[0059] Drawing 14 is a figure showing a terminal screen in case user characteristic data are
plurality.

[0060] After making a card read from the terminal screen 1401a in the terminal screen
1401f, in order to make a user display the user characteristic data which a user means, the
input of directions information is urged and the user characteristic data which suited the
directions information are displayed after that.

[0061] In the terminal screen 1401b, Screen 1403 to which the input of directions
information is urged is displayed after a card input, and a user inputs the directions
information 1404 in the terminal screen 1401c. Thereby, in the terminal screen 1401d, the
corresponding user characteristic data 1405 are displayed and the user can judge whether it
is a regular thing.

[0062] Drawing 15 is a figure showing the flow of processing in case there are two or more 
user characteristic data. 

[0063] A flow of processing between a user, a terminal, a server, and a database is shown.
[0064] If the user 1501 makes a card read into the terminal 1502 as shown in 1505, a
terminal will tell card ID within read card information to the server 1503, as shown in 1506.
The server 1503 tells card ID to the database 1504, as shown in 1507.
[0065] If the user 1501 inputs user instruction information into the terminal 1502 as shown
in 1508, a terminal will give inputted user instruction information to the server 1503, as
shown in 1509. The server 1503 gives inputted user instruction information to the database
1504, as shown in 1510.

[0066] From User Information accumulated, user characteristic data are searched with the
database 1504 to a key, and in it, card ID and user instruction information are given to the
server 1503, as shown in 1511. The server 1503 gives user characteristic data to the terminal
1502, as shown in 1512. As shown in 1513, the terminal 1502 displays user characteristic
data and tells the user 1501 about them. The user 1501 judges seeing displayed user
characteristic data whether be a right thing, and as shown in a right case 1514, he inputs a
password into the terminal 1502.
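
The flow of Drawings 4, 11 and 15 over the table of Drawing 13, as an added example that is not part of the patent text: the server returns the user characteristic data selected by user-identification ID and user instruction information, and the password leaves the terminal only if the user recognizes what is shown. Class and function names, the sample card ID and data values, and the salted-hash storage of the registered password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _hash_password(password, salt):
    # Assumption: salted PBKDF2 storage; the page only says the password is "registered".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


@dataclass
class UserRecord:
    """One row of the User Information management table (Drawing 13)."""
    characteristic: dict   # user instruction information -> user characteristic data
    salt: bytes
    password_hash: bytes


class RegularServer:
    """Regular server together with its database of registered users."""

    def __init__(self):
        self._table = {}   # user-identification ID -> UserRecord

    def register(self, user_id, characteristic, password):
        salt = os.urandom(16)
        self._table[user_id] = UserRecord(
            dict(characteristic), salt, _hash_password(password, salt))

    def lookup_characteristic(self, user_id, instruction):
        record = self._table.get(user_id)
        return None if record is None else record.characteristic.get(instruction)

    def verify_password(self, user_id, password):
        record = self._table.get(user_id)
        if record is None:
            return False
        candidate = _hash_password(password, record.salt)
        return hmac.compare_digest(candidate, record.password_hash)


class FakeServer:
    """Imitation server: it has no access to the regular database."""

    def __init__(self):
        self.passwords_seen = []   # anything the user was led to type

    def lookup_characteristic(self, user_id, instruction):
        return "Welcome, valued customer"   # cannot know the registered value

    def verify_password(self, user_id, password):
        self.passwords_seen.append(password)
        return True


@dataclass
class User:
    user_id: str
    password: str
    registered: dict   # what the user registered beforehand and expects to see


def run_session(server, user, instruction):
    """Terminal-side flow: show the characteristic data first, password second."""
    shown = server.lookup_characteristic(user.user_id, instruction)
    if shown is None or shown != user.registered.get(instruction):
        return "stopped"      # user stops dealings; no password is entered
    if server.verify_password(user.user_id, user.password):
        return "settled"
    return "rejected"


def demo():
    # Constructed sample data, not taken from the patent.
    data = {"1": "blue heron", "2": "grandfather's clock"}
    regular = RegularServer()
    regular.register("CARD-0001", data, "constructed-pw")
    fake = FakeServer()
    user = User("CARD-0001", "constructed-pw", data)
    return {
        "regular": run_session(regular, user, "1"),
        "regular_alt": run_session(regular, user, "2"),
        "fake": run_session(fake, user, "1"),
        "fake_saw_password": bool(fake.passwords_seen),
    }


if __name__ == "__main__":
    print(demo())
```
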

[0067] Drawing 16 is a system configuration figure including certificate authority which
this invention applied to authenticating processing including a certificate authority.
[0068] In this figure, 101 shows a user, 102 a terminal, 103 a network, 104 a server,
105 the database which stores User Information, 106 a settlement center, and 1601 a
certificate authority.

01 i v l t i ! * ' I ! 1 li f I f 

certificate authority 1601, it is the example which displayed the user characteristic data of
this invention, and a user is a right terminal and enabled it to check having connected with a
right server.

[0070] Drawing 17 is a figure showing the flow of processing in via the certificate authority
in the system of drawing 16.

[0071] A flow of processing between a user, a terminal, a server, a database, and a
certificate authority is shown.

[0072 Jif the riser 1 701 makes a card read into the terminal i 702 as shown in 1 706, a 
terminal will, tell card ID within read card information to the server 1703, as shown in 1707. 
The server 1703 tells card ID to the certificate authority 1704. as shown in 1708. 
[0073] In the certificate authority 1704, authentication arithmetic information is retrieved 
from the accumulated User Information using card ID as a key, and as shown in 1709, a 
generated challenge code is told to the server 1703. The server 1703 tells the challenge code 
to the terminal 1702, as shown in 1710. As shown in 1711, the terminal 1702 calculates a 
response code to the challenge code, and returns it to the server 1703. The server 1703 passes 
the response code from the terminal 1702 to the certificate authority 1704, as shown in 1712. 
In the certificate authority 1704, the response code received from the server 1703 is checked, 
and the authentication result is passed to the server 1703, as in 1713. When the received 
authentication result is correct, the server 1703 passes the card ID previously received from 
the terminal to the database 1705, as in 1714. When the authentication result which the 
server 1703 received is not correct, processing is ended without sending the card ID received 
from the terminal 1702 to the database. 
[0074] The database 1705, which received card ID from the server 1703, searches for the user 
characteristic data corresponding to the received card ID and tells them to the server 1703. 
The server 1703 gives user characteristic data to the terminal 1502, as shown in 1716. As 
shown in 1513, the terminal 1592 displays user characteristic data and tells the user 1701 
about them. The user 1701 judges from the displayed user characteristic data whether they 
are correct, and if they are, he inputs a password into the terminal 1702, as shown in 1718. 
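
The gate described for drawing 17, as an added example that is not part of the patent text: the server releases user characteristic data only after the certificate authority accepts the terminal's response code. HMAC-SHA256 stands in for the unspecified "authentication arithmetic information" (an assumption), and every name, key and data value below is constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; every ID, key and phrase is hypothetical.
CA_KEYS = {"CARD-0001": b"constructed-card-key"}    # held by the certificate authority
USER_DB = {"CARD-0001": "photo of my red bicycle"}  # card ID -> user characteristic data


def response_code(card_key: bytes, challenge: bytes) -> bytes:
    """Terminal side: response to a challenge (HMAC-SHA256 is an assumption)."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()


class CertificateAuthority:
    def __init__(self, keys):
        self._keys = keys
        self._pending = {}  # card ID -> outstanding challenge, single use

    def issue_challenge(self, card_id):  # steps 1708-1709
        if card_id not in self._keys:
            return None
        self._pending[card_id] = secrets.token_bytes(16)
        return self._pending[card_id]

    def verify(self, card_id, response):  # steps 1712-1713
        challenge = self._pending.pop(card_id, None)
        if challenge is None:
            return False  # unknown card, or the challenge was already consumed
        expected = response_code(self._keys[card_id], challenge)
        return hmac.compare_digest(expected, response)


def server_handle(ca, database, card_id, terminal_respond):
    """Server 1703: release user characteristic data only after the CA accepts."""
    challenge = ca.issue_challenge(card_id)
    if challenge is None:
        return None
    response = terminal_respond(challenge)  # steps 1710-1711
    if not ca.verify(card_id, response):
        return None  # card ID is never sent to the database
    return database.get(card_id)  # step 1714 onward


def genuine_terminal(challenge):
    return response_code(b"constructed-card-key", challenge)


def unknown_terminal(challenge):
    return response_code(b"wrong-key", challenge)
```

A terminal that cannot compute the response code never receives the user characteristic data, so it has nothing to display that would persuade the user to enter a password.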
[0075] Drawing 18 is a block diagram of a terminal using an IC card, and shows that this 
invention is applicable when authentication is performed by an IC card. 

[0076] It consists of the terminal 1801 and IC card 1809. The terminal 1801 is equipped with 
a card I/F for connecting an IC card. CPU 1802 performs program execution, performs display 
and input as a terminal, and can direct input and output of information to the IC card, 
execution of operations, etc. 

[0077] On the other hand, IC card 1809 is equipped with the nonvolatile memory 1813 for 
storing information, CPU 1810 and the memory 1811 required for input/output control of 
information and processing of encryption and decoding, and card I/F 1812 for performing 
transfer of data with the terminal 1801. 

[0078] Drawing 19 is a figure showing the flow of processing between a user, a terminal, an 
IC card, and the nonvolatile memory in the IC card in order to perform authentication by an 
IC card. 

[0079] If the user 1901 inserts a card in the terminal 1902 as shown in 1905, the terminal 
1902 will issue a read instruction for the user characteristic data in the inserted IC card to 
IC card 1903, as shown in 1906. The IC card issues a read instruction for user characteristic 
data to its internal nonvolatile memory 1904, as in 1907. The nonvolatile memory 1904 in the 
IC card reads user characteristic data, and passes them to IC card 1903, as in 1908. IC card 
1903 gives user characteristic data to the terminal 1902, as shown in 1909. As shown in 1910, 
the terminal 1902 displays user characteristic data and tells the user 1901 about them. The 
user 1901 judges from the displayed user characteristic data whether they are correct, and if 
they are, he inputs a password into the terminal 1902, as shown in 1911. The terminal 1902 
tells the password to IC card 1903, as shown in 1942. 
[0080] On the other hand, as shown in 1913, IC card 1903 issues an instruction to the 
nonvolatile memory 1904 in the IC card so that the registered password is read. The password 
read from nonvolatile memory is passed to IC card 1903, as in 1914. IC card 1903 performs 
collation processing of the password received from the terminal 1902 and the password read 
from the nonvolatile memory 1904. The matching result is conveyed from IC card 1903 to the 
terminal 1902, as in 1915, and when the passwords are in agreement, settlement processing is 
performed between the terminal 1902 and IC card 1903, as shown in 1916. 
[0081] 

[Effect of the Invention] By displaying information peculiar to a user, which only the user 
understands, from the connected server to the user before the user inputs a password, the 
user can check that it is the right system, so he can input a password with peace of mind. 
This prevents a user from unknowingly inputting a password into an unauthorized terminal or 
system, and so prevents the password from being stolen. 

DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] The system configuration figure showing one embodiment of this invention. 

[Drawing 2] The block diagram of a terminal and a server. 

[Drawing 3] The figure showing a terminal screen. 

[Drawing 4] The figure showing the flow of processing. 

[Drawing 5] User Information management table. 

[Drawing 6] The figure showing the flow of a "user." 

[Drawing 7] The figure showing the flow of a "terminal." 

[Drawing 8] The figure showing the flow of a "server." 

[Drawing 9] The figure showing the flow of a "database." 

[Drawing 10] The figure showing the flow for judging fraud in the case of a fake 
terminal. 

[Drawing 11] The figure showing the flow for judging fraud in connection with a fake 
server. 

[Drawing 12] The block diagram of a terminal and a server in the case of checking with a 
sound. 

[Drawing 13] The User Information management table in case there are plural user 
characteristic data. 

[Drawing 14] The figure showing a terminal screen in case there are plural user 
characteristic data. 

[Drawing 15] The figure showing the flow of processing in case there are plural user 
characteristic data. 

[Drawing 16] A system configuration figure including a certificate authority. 

[Drawing 17] The figure showing the flow of processing via a certificate authority. 

[Drawing 18] The block diagram of the terminal using an IC card. 

[Drawing 19] The figure showing the flow of processing for authentication by an IC card. 

[Explanations of letters or numerals] 

101 - A user, 102 - A terminal, 103 - A network, 104 - A server, 105 - A database, 
106 - A settlement center, 301a-301d - The screen of a terminal, 500 - The User 
Information table, 501 - User-identification ID, 502 - User characteristic data, 
503 - Password 



